Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Docker network help please

Telos

Subscriber
4,312
1,477
NAS
DS4l8play, DS202j, DS3623xs+, DSM 8.025847-𝘣𝘦𝘵𝘢
All of my containers seem to have an issue with internet access. I can't pick the exact moment but it either occurred after I installed Portainer (and who knows what I might have accidentally clicked), or... I have recently got a qbittorrent container running with a built-in VPN (it created a new network (no attached containers).

But my jdownloader containers cannot connect anywhere; same with a youtube downloader (tried youtube and Vimeo links), and now I started radarr for the first time and tried to add a new show and the search function never completed, not would a tracker test OK.

I'm at a loss here. All was well a few days ago.

Interestingly the qbittorrentvpn docker works and I can download through my VPN provider at a nice rate.

But any "normal" connection fails.

All I can think of at this time is to delete the qbittorentvpn container (and its created network).

Here's what I have...

Code:
docker network ls
NETWORK ID          NAME                     DRIVER              SCOPE
a721129ed026        adguard_bridge           bridge              local
eb1c68c30ef9        adguard_network          macvlan             local
bd7635c43078        bridge                   bridge              local
26569c45a8f1        host                     host                local
c12cddbfa80e        none                     null                local
f1f681b90828        qbittorrentvpn_default   bridge              local
 
Uh oh. Am I in trouble? I’d look in the Synology docker ui under network tab. You can go in and stop the container then edit it to access that. Make sure it’s using bridged network. Try that.
 
Last edited:
That's where all my containers are (except Adguard Home) but it seems nothing is "bridged".

JbAMvMQ.png
dhEu4lR.png
 
OK... YIKES>>> this is some kind of DNS problem...

Using Portainer (I'm edging towards scary dangerous here...) I edited the containers for the jdownloader and the youtube downloader, adding 8.8.8.8 to the DNS field. Saved and relaunched the containers, and both are working !!!

So... something is amiss with the bridge DNS. How do I troubleshoot that?

I'm further up on the learning curve that I have experience for... and I'm feeling a bit light-headed. Hoping someone can help me clear this up.
 
Last edited:
Portainer couldn't have done something that caused the behavior.

A VPN client on the other hand could have cause the behavior very much, especialy if the container runs in priviliged mode. Containers in privilged mode basicly run with "the host's root permissions" and are weak isolated compared to a normal container.

The default bridge network does not have a DNS server. Each container gets the file /etc/resolve.conf injected from the host. Whichever DNS servers are configured on the host, will be used inside the container.

Custom created bridge network on the other hand have a build in DNS Server, used to resolve service/container/service names of containers in the same network.

You can diagnose network problems with the netshoot container:
docker run -it --net container:<container_name> nicolaka/netshoot

This container provides an interacive shell with all required tools to troubleshoot network issues. It hooks into the "network interface" of another container (actualy it just hooks into the same namespace for the network interface used by the other container). The network behaves exactly like it would on the container you diagnose, with the difference that you have the swiss army knive of network troubleshooting tools at hand.

See: nicolaka/netshoot for further details.

Bonus: If you replace container:<container_name> with host, you can launch netshoot in the host's network namespace.
 
Thanks 🍪 It's good to know that I couldn't have damaged anything with Portainer... particularly as I cleaned out all the "leftover volumes" that I assumed where orphaned.

I'm playing w/netshoot, though I'm not at all sure what I'm seeing. I do have the qbittorentvpn container set to run in privileged mode. I unchecked that and relaunched the container, but its IPort browser URL would not load.

So my connectivity issue seems to point to the qbittorentvpn container. I may delete it and try to set it up from scratch (as I went down several wrong rabbit trails before I got it to work).
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Similar threads

There must be already be some sort of dependency, as the deluge service joins the network namespace of the...
Replies
6
Views
687
Ok got this running.. But how do I specify the custom_user/password settings in the yaml-file? EDIT...
Replies
7
Views
996
For the heck of it, I just checked again in docker container, and it announced an update was available. I...
Replies
4
Views
1,084
  • Question Question
Do realize, that enabling any user to run docker containers is largely the same as giving that user full...
Replies
6
Views
1,764
Hello, I already have it configured perfectly with wireguard. I was looking at the Gluetun configuration...
Replies
4
Views
1,692
Thanks... I tried something similar with rsync. The docker volume lived in...
Replies
7
Views
1,908

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top